search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kqueue: Knote should not be accessed once the KN_PROCESSING is cleared
[dragonfly.git] / sys / kern / kern_dmsg.c
blobe22004f91a2fe4f6dccca13c5ac9daa603ef4cfe
1 /*-
2 * Copyright (c) 2012 The DragonFly Project. All rights reserved.
3 *
4 * This code is derived from software contributed to The DragonFly Project
5 * by Matthew Dillon <dillon@backplane.com>
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
16 * distribution.
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 */
34 /*
35 * TODO: txcmd CREATE state is deferred by tx msgq, need to calculate
36 * a streaming response. See subr_diskiocom()'s diskiodone().
37 */
38 #include <sys/param.h>
39 #include <sys/types.h>
40 #include <sys/kernel.h>
41 #include <sys/conf.h>
42 #include <sys/systm.h>
43 #include <sys/queue.h>
44 #include <sys/tree.h>
45 #include <sys/malloc.h>
46 #include <sys/mount.h>
47 #include <sys/socket.h>
48 #include <sys/vnode.h>
49 #include <sys/sysctl.h>
50 #include <sys/file.h>
51 #include <sys/proc.h>
52 #include <sys/priv.h>
53 #include <sys/thread.h>
54 #include <sys/globaldata.h>
55 #include <sys/limits.h>
56
57 #include <sys/dmsg.h>
58
59 RB_GENERATE(kdmsg_state_tree, kdmsg_state, rbnode, kdmsg_state_cmp);
60
61 SYSCTL_NODE(, OID_AUTO, kdmsg, CTLFLAG_RW, 0, "kdmsg");
62 static int kdmsg_debug = 1;
63 SYSCTL_INT(_kdmsg, OID_AUTO, debug, CTLFLAG_RW, &kdmsg_debug, 0,
64 "Set debug level for kernel dmsg layer");
65
66 #define kd_printf(level, ctl, ...) \
67 if (kdmsg_debug >= (level)) kprintf("kdmsg: " ctl, __VA_ARGS__)
68
69 #define kdio_printf(iocom, level, ctl, ...) \
70 if (kdmsg_debug >= (level)) kprintf("kdmsg: " ctl, __VA_ARGS__)
71
72 static int kdmsg_msg_receive_handling(kdmsg_msg_t *msg);
73 static int kdmsg_state_msgrx(kdmsg_msg_t *msg);
74 static int kdmsg_state_msgtx(kdmsg_msg_t *msg);
75 static void kdmsg_msg_write_locked(kdmsg_iocom_t *iocom, kdmsg_msg_t *msg);
76 static void kdmsg_state_cleanuprx(kdmsg_msg_t *msg);
77 static void kdmsg_state_cleanuptx(kdmsg_msg_t *msg);
78 static void kdmsg_subq_delete(kdmsg_state_t *state);
79 static void kdmsg_simulate_failure(kdmsg_state_t *state, int meto, int error);
80 static void kdmsg_state_abort(kdmsg_state_t *state);
81 static void kdmsg_state_dying(kdmsg_state_t *state);
82 static void kdmsg_state_free(kdmsg_state_t *state);
83
84 #ifdef KDMSG_DEBUG
85 #define KDMSG_DEBUG_ARGS , const char *file, int line
86 #define kdmsg_state_hold(state) _kdmsg_state_hold(state, __FILE__, __LINE__)
87 #define kdmsg_state_drop(state) _kdmsg_state_drop(state, __FILE__, __LINE__)
88 #else
89 #define KDMSG_DEBUG_ARGS
90 #define kdmsg_state_hold(state) _kdmsg_state_hold(state)
91 #define kdmsg_state_drop(state) _kdmsg_state_drop(state)
92 #endif
93 static void _kdmsg_state_hold(kdmsg_state_t *state KDMSG_DEBUG_ARGS);
94 static void _kdmsg_state_drop(kdmsg_state_t *state KDMSG_DEBUG_ARGS);
95
96 static void kdmsg_iocom_thread_rd(void *arg);
97 static void kdmsg_iocom_thread_wr(void *arg);
98 static int kdmsg_autorxmsg(kdmsg_msg_t *msg);
99
100 /*static struct lwkt_token kdmsg_token = LWKT_TOKEN_INITIALIZER(kdmsg_token);*/
101
102 /*
103 * Initialize the roll-up communications structure for a network
104 * messaging session. This function does not install the socket.
105 */
106 void
107 kdmsg_iocom_init(kdmsg_iocom_t *iocom, void *handle, uint32_t flags,
108 struct malloc_type *mmsg,
109 int (*rcvmsg)(kdmsg_msg_t *msg))
110 {
111 bzero(iocom, sizeof(*iocom));
112 iocom->handle = handle;
113 iocom->mmsg = mmsg;
114 iocom->rcvmsg = rcvmsg;
115 iocom->flags = flags;
116 lockinit(&iocom->msglk, "h2msg", 0, 0);
117 TAILQ_INIT(&iocom->msgq);
118 RB_INIT(&iocom->staterd_tree);
119 RB_INIT(&iocom->statewr_tree);
120
121 iocom->state0.iocom = iocom;
122 iocom->state0.parent = &iocom->state0;
123 TAILQ_INIT(&iocom->state0.subq);
124 }
125
126 /*
127 * [Re]connect using the passed file pointer. The caller must ref the
128 * fp for us. We own that ref now.
129 */
130 void
131 kdmsg_iocom_reconnect(kdmsg_iocom_t *iocom, struct file *fp,
132 const char *subsysname)
133 {
134 /*
135 * Destroy the current connection
136 */
137 lockmgr(&iocom->msglk, LK_EXCLUSIVE);
138 atomic_set_int(&iocom->msg_ctl, KDMSG_CLUSTERCTL_KILLRX);
139 while (iocom->msgrd_td || iocom->msgwr_td) {
140 wakeup(&iocom->msg_ctl);
141 lksleep(iocom, &iocom->msglk, 0, "clstrkl", hz);
142 }
143
144 /*
145 * Drop communications descriptor
146 */
147 if (iocom->msg_fp) {
148 fdrop(iocom->msg_fp);
149 iocom->msg_fp = NULL;
150 }
151
152 /*
153 * Setup new communications descriptor
154 */
155 iocom->msg_ctl = 0;
156 iocom->msg_fp = fp;
157 iocom->msg_seq = 0;
158 iocom->flags &= ~KDMSG_IOCOMF_EXITNOACC;
159
160 lwkt_create(kdmsg_iocom_thread_rd, iocom, &iocom->msgrd_td,
161 NULL, 0, -1, "%s-msgrd", subsysname);
162 lwkt_create(kdmsg_iocom_thread_wr, iocom, &iocom->msgwr_td,
163 NULL, 0, -1, "%s-msgwr", subsysname);
164 lockmgr(&iocom->msglk, LK_RELEASE);
165 }
166
167 /*
168 * Caller sets up iocom->auto_lnk_conn and iocom->auto_lnk_span, then calls
169 * this function to handle the state machine for LNK_CONN and LNK_SPAN.
170 */
171 static int kdmsg_lnk_conn_reply(kdmsg_state_t *state, kdmsg_msg_t *msg);
172 static int kdmsg_lnk_span_reply(kdmsg_state_t *state, kdmsg_msg_t *msg);
173
174 void
175 kdmsg_iocom_autoinitiate(kdmsg_iocom_t *iocom,
176 void (*auto_callback)(kdmsg_msg_t *msg))
177 {
178 kdmsg_msg_t *msg;
179
180 iocom->auto_callback = auto_callback;
181
182 msg = kdmsg_msg_alloc(&iocom->state0,
183 DMSG_LNK_CONN | DMSGF_CREATE,
184 kdmsg_lnk_conn_reply, NULL);
185 iocom->auto_lnk_conn.head = msg->any.head;
186 msg->any.lnk_conn = iocom->auto_lnk_conn;
187 iocom->conn_state = msg->state;
188 kdmsg_state_hold(msg->state); /* iocom->conn_state */
189 kdmsg_msg_write(msg);
190 }
191
192 static
193 int
194 kdmsg_lnk_conn_reply(kdmsg_state_t *state, kdmsg_msg_t *msg)
195 {
196 kdmsg_iocom_t *iocom = state->iocom;
197 kdmsg_msg_t *rmsg;
198
199 /*
200 * Upon receipt of the LNK_CONN acknowledgement initiate an
201 * automatic SPAN if we were asked to. Used by e.g. xdisk, but
202 * not used by HAMMER2 which must manage more than one transmitted
203 * SPAN.
204 */
205 if ((msg->any.head.cmd & DMSGF_CREATE) &&
206 (iocom->flags & KDMSG_IOCOMF_AUTOTXSPAN)) {
207 rmsg = kdmsg_msg_alloc(&iocom->state0,
208 DMSG_LNK_SPAN | DMSGF_CREATE,
209 kdmsg_lnk_span_reply, NULL);
210 iocom->auto_lnk_span.head = rmsg->any.head;
211 rmsg->any.lnk_span = iocom->auto_lnk_span;
212 kdmsg_msg_write(rmsg);
213 }
214
215 /*
216 * Process shim after the CONN is acknowledged and before the CONN
217 * transaction is deleted. For deletions this gives device drivers
218 * the ability to interlock new operations on the circuit before
219 * it becomes illegal and panics.
220 */
221 if (iocom->auto_callback)
222 iocom->auto_callback(msg);
223
224 if ((state->txcmd & DMSGF_DELETE) == 0 &&
225 (msg->any.head.cmd & DMSGF_DELETE)) {
226 /*
227 * iocom->conn_state has a state ref, drop it when clearing.
228 */
229 if (iocom->conn_state)
230 kdmsg_state_drop(iocom->conn_state);
231 iocom->conn_state = NULL;
232 kdmsg_msg_reply(msg, 0);
233 }
234
235 return (0);
236 }
237
238 static
239 int
240 kdmsg_lnk_span_reply(kdmsg_state_t *state, kdmsg_msg_t *msg)
241 {
242 /*
243 * Be sure to process shim before terminating the SPAN
244 * transaction. Gives device drivers the ability to
245 * interlock new operations on the circuit before it
246 * becomes illegal and panics.
247 */
248 if (state->iocom->auto_callback)
249 state->iocom->auto_callback(msg);
250
251 if ((state->txcmd & DMSGF_DELETE) == 0 &&
252 (msg->any.head.cmd & DMSGF_DELETE)) {
253 kdmsg_msg_reply(msg, 0);
254 }
255 return (0);
256 }
257
258 /*
259 * Disconnect and clean up
260 */
261 void
262 kdmsg_iocom_uninit(kdmsg_iocom_t *iocom)
263 {
264 kdmsg_state_t *state;
265 kdmsg_msg_t *msg;
266 int retries;
267
268 /*
269 * Ask the cluster controller to go away by setting
270 * KILLRX. Send a PING to get a response to unstick reading
271 * from the pipe.
272 *
273 * After 10 seconds shitcan the pipe and do an unclean shutdown.
274 */
275 lockmgr(&iocom->msglk, LK_EXCLUSIVE);
276
277 atomic_set_int(&iocom->msg_ctl, KDMSG_CLUSTERCTL_KILLRX);
278 msg = kdmsg_msg_alloc(&iocom->state0, DMSG_LNK_PING, NULL, NULL);
279 kdmsg_msg_write_locked(iocom, msg);
280
281 retries = 10;
282 while (iocom->msgrd_td || iocom->msgwr_td) {
283 wakeup(&iocom->msg_ctl);
284 lksleep(iocom, &iocom->msglk, 0, "clstrkl", hz);
285 if (--retries == 0 && iocom->msg_fp) {
286 kdio_printf(iocom, 0, "%s\n",
287 "iocom_uninit: "
288 "shitcanning unresponsive pipe");
289 fp_shutdown(iocom->msg_fp, SHUT_RDWR);
290 /* retries allowed to go negative, keep looping */
291 }
292 }
293
294 /*
295 * Cleanup caches
296 */
297 if ((state = iocom->freerd_state) != NULL) {
298 iocom->freerd_state = NULL;
299 kdmsg_state_drop(state);
300 }
301
302 if ((state = iocom->freewr_state) != NULL) {
303 iocom->freewr_state = NULL;
304 kdmsg_state_drop(state);
305 }
306
307 /*
308 * Drop communications descriptor
309 */
310 if (iocom->msg_fp) {
311 fdrop(iocom->msg_fp);
312 iocom->msg_fp = NULL;
313 }
314 lockmgr(&iocom->msglk, LK_RELEASE);
315 }
316
317 /*
318 * Cluster controller thread. Perform messaging functions. We have one
319 * thread for the reader and one for the writer. The writer handles
320 * shutdown requests (which should break the reader thread).
321 */
322 static
323 void
324 kdmsg_iocom_thread_rd(void *arg)
325 {
326 kdmsg_iocom_t *iocom = arg;
327 dmsg_hdr_t hdr;
328 kdmsg_msg_t *msg = NULL;
329 size_t hbytes;
330 size_t abytes;
331 int error = 0;
332
333 while ((iocom->msg_ctl & KDMSG_CLUSTERCTL_KILLRX) == 0) {
334 /*
335 * Retrieve the message from the pipe or socket.
336 */
337 error = fp_read(iocom->msg_fp, &hdr, sizeof(hdr),
338 NULL, 1, UIO_SYSSPACE);
339 if (error)
340 break;
341 if (hdr.magic != DMSG_HDR_MAGIC) {
342 kdio_printf(iocom, 1, "bad magic: %04x\n", hdr.magic);
343 error = EINVAL;
344 break;
345 }
346 hbytes = (hdr.cmd & DMSGF_SIZE) * DMSG_ALIGN;
347 if (hbytes < sizeof(hdr) || hbytes > DMSG_HDR_MAX) {
348 kdio_printf(iocom, 1, "bad header size %zd\n", hbytes);
349 error = EINVAL;
350 break;
351 }
352
353 /* XXX messy: mask cmd to avoid allocating state */
354 msg = kdmsg_msg_alloc(&iocom->state0,
355 hdr.cmd & DMSGF_BASECMDMASK,
356 NULL, NULL);
357 msg->any.head = hdr;
358 msg->hdr_size = hbytes;
359 if (hbytes > sizeof(hdr)) {
360 error = fp_read(iocom->msg_fp, &msg->any.head + 1,
361 hbytes - sizeof(hdr),
362 NULL, 1, UIO_SYSSPACE);
363 if (error) {
364 kdio_printf(iocom, 1, "%s\n",
365 "short msg received");
366 error = EINVAL;
367 break;
368 }
369 }
370 msg->aux_size = hdr.aux_bytes;
371 if (msg->aux_size > DMSG_AUX_MAX) {
372 kdio_printf(iocom, 1,
373 "illegal msg payload size %zd\n",
374 msg->aux_size);
375 error = EINVAL;
376 break;
377 }
378 if (msg->aux_size) {
379 abytes = DMSG_DOALIGN(msg->aux_size);
380 msg->aux_data = kmalloc(abytes, iocom->mmsg, M_WAITOK);
381 msg->flags |= KDMSG_FLAG_AUXALLOC;
382 error = fp_read(iocom->msg_fp, msg->aux_data,
383 abytes, NULL, 1, UIO_SYSSPACE);
384 if (error) {
385 kdio_printf(iocom, 1, "%s\n",
386 "short msg payload received");
387 break;
388 }
389 }
390
391 error = kdmsg_msg_receive_handling(msg);
392 msg = NULL;
393 }
394
395 kdio_printf(iocom, 1, "read thread terminating error=%d\n", error);
396
397 lockmgr(&iocom->msglk, LK_EXCLUSIVE);
398 if (msg)
399 kdmsg_msg_free(msg);
400
401 /*
402 * Shutdown the socket and set KILLRX for consistency in case the
403 * shutdown was not commanded. Signal the transmit side to shutdown
404 * by setting KILLTX and waking it up.
405 */
406 fp_shutdown(iocom->msg_fp, SHUT_RDWR);
407 atomic_set_int(&iocom->msg_ctl, KDMSG_CLUSTERCTL_KILLRX |
408 KDMSG_CLUSTERCTL_KILLTX);
409 iocom->msgrd_td = NULL;
410 lockmgr(&iocom->msglk, LK_RELEASE);
411 wakeup(&iocom->msg_ctl);
412
413 /*
414 * iocom can be ripped out at any time once the lock is
415 * released with msgrd_td set to NULL. The wakeup()s are safe but
416 * that is all.
417 */
418 wakeup(iocom);
419 lwkt_exit();
420 }
421
422 static
423 void
424 kdmsg_iocom_thread_wr(void *arg)
425 {
426 kdmsg_iocom_t *iocom = arg;
427 kdmsg_msg_t *msg;
428 ssize_t res;
429 size_t abytes;
430 int error = 0;
431 int save_ticks;
432 int didwarn;
433
434 /*
435 * Transmit loop
436 */
437 msg = NULL;
438 lockmgr(&iocom->msglk, LK_EXCLUSIVE);
439
440 while ((iocom->msg_ctl & KDMSG_CLUSTERCTL_KILLTX) == 0 && error == 0) {
441 /*
442 * Sleep if no messages pending. Interlock with flag while
443 * holding msglk.
444 */
445 if (TAILQ_EMPTY(&iocom->msgq)) {
446 atomic_set_int(&iocom->msg_ctl,
447 KDMSG_CLUSTERCTL_SLEEPING);
448 lksleep(&iocom->msg_ctl, &iocom->msglk, 0, "msgwr", hz);
449 atomic_clear_int(&iocom->msg_ctl,
450 KDMSG_CLUSTERCTL_SLEEPING);
451 }
452
453 while ((msg = TAILQ_FIRST(&iocom->msgq)) != NULL) {
454 /*
455 * Remove msg from the transmit queue and do
456 * persist and half-closed state handling.
457 */
458 TAILQ_REMOVE(&iocom->msgq, msg, qentry);
459
460 error = kdmsg_state_msgtx(msg);
461 if (error == EALREADY) {
462 error = 0;
463 kdmsg_msg_free(msg);
464 continue;
465 }
466 if (error) {
467 kdmsg_msg_free(msg);
468 break;
469 }
470
471 /*
472 * Dump the message to the pipe or socket.
473 *
474 * We have to clean up the message as if the transmit
475 * succeeded even if it failed.
476 */
477 lockmgr(&iocom->msglk, LK_RELEASE);
478 error = fp_write(iocom->msg_fp, &msg->any,
479 msg->hdr_size, &res, UIO_SYSSPACE);
480 if (error || res != msg->hdr_size) {
481 if (error == 0)
482 error = EINVAL;
483 lockmgr(&iocom->msglk, LK_EXCLUSIVE);
484 kdmsg_state_cleanuptx(msg);
485 break;
486 }
487 if (msg->aux_size) {
488 abytes = DMSG_DOALIGN(msg->aux_size);
489 error = fp_write(iocom->msg_fp,
490 msg->aux_data, abytes,
491 &res, UIO_SYSSPACE);
492 if (error || res != abytes) {
493 if (error == 0)
494 error = EINVAL;
495 lockmgr(&iocom->msglk, LK_EXCLUSIVE);
496 kdmsg_state_cleanuptx(msg);
497 break;
498 }
499 }
500 lockmgr(&iocom->msglk, LK_EXCLUSIVE);
501 kdmsg_state_cleanuptx(msg);
502 }
503 }
504
505 kdio_printf(iocom, 1, "write thread terminating error=%d\n", error);
506
507 /*
508 * Shutdown the socket and set KILLTX for consistency in case the
509 * shutdown was not commanded. Signal the receive side to shutdown
510 * by setting KILLRX and waking it up.
511 */
512 fp_shutdown(iocom->msg_fp, SHUT_RDWR);
513 atomic_set_int(&iocom->msg_ctl, KDMSG_CLUSTERCTL_KILLRX |
514 KDMSG_CLUSTERCTL_KILLTX);
515 wakeup(&iocom->msg_ctl);
516
517 /*
518 * The transmit thread is responsible for final cleanups, wait
519 * for the receive side to terminate to prevent new received
520 * states from interfering with our cleanup.
521 *
522 * Do not set msgwr_td to NULL until we actually exit.
523 */
524 while (iocom->msgrd_td) {
525 wakeup(&iocom->msg_ctl);
526 lksleep(iocom, &iocom->msglk, 0, "clstrkt", hz);
527 }
528
529 /*
530 * We can no longer receive new messages. We must drain the transmit
531 * message queue and simulate received messages to close anay remaining
532 * states.
533 *
534 * Loop until all the states are gone and there are no messages
535 * pending transmit.
536 */
537 save_ticks = ticks;
538 didwarn = 0;
539
540 while (TAILQ_FIRST(&iocom->msgq) ||
541 RB_ROOT(&iocom->staterd_tree) ||
542 RB_ROOT(&iocom->statewr_tree)) {
543 /*
544 * Simulate failure for all sub-states of state0.
545 */
546 kdmsg_drain_msgq(iocom);
547 kdio_printf(iocom, 2, "%s\n",
548 "simulate failure for all substates of state0");
549 kdmsg_simulate_failure(&iocom->state0, 0, DMSG_ERR_LOSTLINK);
550
551 lksleep(iocom, &iocom->msglk, 0, "clstrtk", hz / 2);
552
553 if ((int)(ticks - save_ticks) > hz*2 && didwarn == 0) {
554 didwarn = 1;
555 kdio_printf(iocom, 0,
556 "Warning, write thread on %p "
557 "still terminating\n",
558 iocom);
559 }
560 if ((int)(ticks - save_ticks) > hz*15 && didwarn == 1) {
561 didwarn = 2;
562 kdio_printf(iocom, 0,
563 "Warning, write thread on %p "
564 "still terminating\n",
565 iocom);
566 }
567 if ((int)(ticks - save_ticks) > hz*60) {
568 kdio_printf(iocom, 0,
569 "Can't terminate: msgq %p "
570 "rd_tree %p wr_tree %p\n",
571 TAILQ_FIRST(&iocom->msgq),
572 RB_ROOT(&iocom->staterd_tree),
573 RB_ROOT(&iocom->statewr_tree));
574 lksleep(iocom, &iocom->msglk, 0, "clstrtk", hz * 10);
575 }
576 }
577
578 /*
579 * Exit handling is done by the write thread.
580 */
581 iocom->flags |= KDMSG_IOCOMF_EXITNOACC;
582 lockmgr(&iocom->msglk, LK_RELEASE);
583
584 /*
585 * The state trees had better be empty now
586 */
587 KKASSERT(RB_EMPTY(&iocom->staterd_tree));
588 KKASSERT(RB_EMPTY(&iocom->statewr_tree));
589 KKASSERT(iocom->conn_state == NULL);
590
591 if (iocom->exit_func) {
592 /*
593 * iocom is invalid after we call the exit function.
594 */
595 iocom->msgwr_td = NULL;
596 iocom->exit_func(iocom);
597 } else {
598 /*
599 * iocom can be ripped out from under us once msgwr_td is
600 * set to NULL. The wakeup is safe.
601 */
602 iocom->msgwr_td = NULL;
603 wakeup(iocom);
604 }
605 lwkt_exit();
606 }
607
608 /*
609 * This cleans out the pending transmit message queue, adjusting any
610 * persistent states properly in the process.
611 *
612 * Called with iocom locked.
613 */
614 void
615 kdmsg_drain_msgq(kdmsg_iocom_t *iocom)
616 {
617 kdmsg_msg_t *msg;
618
619 /*
620 * Clean out our pending transmit queue, executing the
621 * appropriate state adjustments. If this tries to open
622 * any new outgoing transactions we have to loop up and
623 * clean them out.
624 */
625 while ((msg = TAILQ_FIRST(&iocom->msgq)) != NULL) {
626 TAILQ_REMOVE(&iocom->msgq, msg, qentry);
627 if (kdmsg_state_msgtx(msg))
628 kdmsg_msg_free(msg);
629 else
630 kdmsg_state_cleanuptx(msg);
631 }
632 }
633
634 /*
635 * Do all processing required to handle a freshly received message
636 * after its low level header has been validated.
637 *
638 * iocom is not locked.
639 */
640 static
641 int
642 kdmsg_msg_receive_handling(kdmsg_msg_t *msg)
643 {
644 kdmsg_iocom_t *iocom = msg->state->iocom;
645 int error;
646
647 /*
648 * State machine tracking, state assignment for msg,
649 * returns error and discard status. Errors are fatal
650 * to the connection except for EALREADY which forces
651 * a discard without execution.
652 */
653 error = kdmsg_state_msgrx(msg);
654 if (msg->state->flags & KDMSG_STATE_ABORTING) {
655 kdio_printf(iocom, 5,
656 "kdmsg_state_abort(b): state %p rxcmd=%08x "
657 "txcmd=%08x msgrx error %d\n",
658 msg->state, msg->state->rxcmd,
659 msg->state->txcmd, error);
660 }
661 if (error) {
662 /*
663 * Raw protocol or connection error
664 */
665 if (msg->state->flags & KDMSG_STATE_ABORTING)
666 kdio_printf(iocom, 5,
667 "X1 state %p error %d\n",
668 msg->state, error);
669 kdmsg_msg_free(msg);
670 if (error == EALREADY)
671 error = 0;
672 } else if (msg->state && msg->state->func) {
673 /*
674 * Message related to state which already has a
675 * handling function installed for it.
676 */
677 if (msg->state->flags & KDMSG_STATE_ABORTING)
678 kdio_printf(iocom, 5,
679 "X2 state %p func %p\n",
680 msg->state, msg->state->func);
681 error = msg->state->func(msg->state, msg);
682 kdmsg_state_cleanuprx(msg);
683 } else if (iocom->flags & KDMSG_IOCOMF_AUTOANY) {
684 if (msg->state->flags & KDMSG_STATE_ABORTING)
685 kdio_printf(iocom, 5,
686 "X3 state %p\n", msg->state);
687 error = kdmsg_autorxmsg(msg);
688 kdmsg_state_cleanuprx(msg);
689 } else {
690 if (msg->state->flags & KDMSG_STATE_ABORTING)
691 kdio_printf(iocom, 5,
692 "X4 state %p\n", msg->state);
693 error = iocom->rcvmsg(msg);
694 kdmsg_state_cleanuprx(msg);
695 }
696 return error;
697 }
698
699 /*
700 * Process state tracking for a message after reception and dequeueing,
701 * prior to execution of the state callback. The state is updated and
702 * will be removed from the RBTREE if completely closed, but the state->parent
703 * and subq linkage is not cleaned up until after the callback (see
704 * cleanuprx()).
705 *
706 * msglk is not held.
707 *
708 * NOTE: A message transaction can consist of several messages in either
709 * direction.
710 *
711 * NOTE: The msgid is unique to the initiator, not necessarily unique for
712 * us or for any relay or for the return direction for that matter.
713 * That is, two sides sending a new message can use the same msgid
714 * without colliding.
715 *
716 * --
717 *
718 * ABORT sequences work by setting the ABORT flag along with normal message
719 * state. However, ABORTs can also be sent on half-closed messages, that is
720 * even if the command or reply side has already sent a DELETE, as long as
721 * the message has not been fully closed it can still send an ABORT+DELETE
722 * to terminate the half-closed message state.
723 *
724 * Since ABORT+DELETEs can race we silently discard ABORT's for message
725 * state which has already been fully closed. REPLY+ABORT+DELETEs can
726 * also race, and in this situation the other side might have already
727 * initiated a new unrelated command with the same message id. Since
728 * the abort has not set the CREATE flag the situation can be detected
729 * and the message will also be discarded.
730 *
731 * Non-blocking requests can be initiated with ABORT+CREATE[+DELETE].
732 * The ABORT request is essentially integrated into the command instead
733 * of being sent later on. In this situation the command implementation
734 * detects that CREATE and ABORT are both set (vs ABORT alone) and can
735 * special-case non-blocking operation for the command.
736 *
737 * NOTE! Messages with ABORT set without CREATE or DELETE are considered
738 * to be mid-stream aborts for command/reply sequences. ABORTs on
739 * one-way messages are not supported.
740 *
741 * NOTE! If a command sequence does not support aborts the ABORT flag is
742 * simply ignored.
743 *
744 * --
745 *
746 * One-off messages (no reply expected) are sent with neither CREATE or DELETE
747 * set. One-off messages cannot be aborted and typically aren't processed
748 * by these routines. The REPLY bit can be used to distinguish whether a
749 * one-off message is a command or reply. For example, one-off replies
750 * will typically just contain status updates.
751 */
752 static
753 int
754 kdmsg_state_msgrx(kdmsg_msg_t *msg)
755 {
756 kdmsg_iocom_t *iocom = msg->state->iocom;
757 kdmsg_state_t *state;
758 kdmsg_state_t *pstate;
759 kdmsg_state_t sdummy;
760 int error;
761
762 /*
763 * Make sure a state structure is ready to go in case we need a new
764 * one. This is the only routine which uses freerd_state so no
765 * races are possible.
766 */
767 if ((state = iocom->freerd_state) == NULL) {
768 state = kmalloc(sizeof(*state), iocom->mmsg, M_WAITOK | M_ZERO);
769 state->flags = KDMSG_STATE_DYNAMIC;
770 state->iocom = iocom;
771 state->refs = 1;
772 TAILQ_INIT(&state->subq);
773 iocom->freerd_state = state;
774 }
775 state = NULL; /* safety */
776
777 /*
778 * Lock RB tree and locate existing persistent state, if any.
779 *
780 * If received msg is a command state is on staterd_tree.
781 * If received msg is a reply state is on statewr_tree.
782 */
783 lockmgr(&iocom->msglk, LK_EXCLUSIVE);
784
785 again:
786 if (msg->state == &iocom->state0) {
787 sdummy.msgid = msg->any.head.msgid;
788 sdummy.iocom = iocom;
789 if (msg->any.head.cmd & DMSGF_REVTRANS) {
790 state = RB_FIND(kdmsg_state_tree, &iocom->statewr_tree,
791 &sdummy);
792 } else {
793 state = RB_FIND(kdmsg_state_tree, &iocom->staterd_tree,
794 &sdummy);
795 }
796
797 /*
798 * Set message state unconditionally. If this is a CREATE
799 * message this state will become the parent state and new
800 * state will be allocated for the message state.
801 */
802 if (state == NULL)
803 state = &iocom->state0;
804 if (state->flags & KDMSG_STATE_INTERLOCK) {
805 state->flags |= KDMSG_STATE_SIGNAL;
806 lksleep(state, &iocom->msglk, 0, "dmrace", hz);
807 goto again;
808 }
809 kdmsg_state_hold(state);
810 kdmsg_state_drop(msg->state); /* iocom->state0 */
811 msg->state = state;
812 } else {
813 state = msg->state;
814 }
815
816 /*
817 * Short-cut one-off or mid-stream messages.
818 */
819 if ((msg->any.head.cmd & (DMSGF_CREATE | DMSGF_DELETE |
820 DMSGF_ABORT)) == 0) {
821 error = 0;
822 goto done;
823 }
824
825 /*
826 * Switch on CREATE, DELETE, REPLY, and also handle ABORT from
827 * inside the case statements.
828 */
829 switch(msg->any.head.cmd & (DMSGF_CREATE|DMSGF_DELETE|DMSGF_REPLY)) {
830 case DMSGF_CREATE:
831 case DMSGF_CREATE | DMSGF_DELETE:
832 /*
833 * New persistant command received.
834 */
835 if (state != &iocom->state0) {
836 kdio_printf(iocom, 1, "%s\n",
837 "duplicate transaction");
838 error = EINVAL;
839 break;
840 }
841
842 /*
843 * Lookup the circuit. The circuit is an open transaction.
844 * the REVCIRC bit in the message tells us which side
845 * initiated the transaction representing the circuit.
846 */
847 if (msg->any.head.circuit) {
848 sdummy.msgid = msg->any.head.circuit;
849
850 if (msg->any.head.cmd & DMSGF_REVCIRC) {
851 pstate = RB_FIND(kdmsg_state_tree,
852 &iocom->statewr_tree,
853 &sdummy);
854 } else {
855 pstate = RB_FIND(kdmsg_state_tree,
856 &iocom->staterd_tree,
857 &sdummy);
858 }
859 if (pstate == NULL) {
860 kdio_printf(iocom, 1, "%s\n",
861 "missing parent in "
862 "stacked trans");
863 error = EINVAL;
864 break;
865 }
866 } else {
867 pstate = &iocom->state0;
868 }
869
870 /*
871 * Allocate new state.
872 *
873 * msg->state becomes the owner of the ref we inherit from
874 * freerd_stae.
875 */
876 kdmsg_state_drop(state);
877 state = iocom->freerd_state;
878 iocom->freerd_state = NULL;
879
880 msg->state = state; /* inherits freerd ref */
881 state->parent = pstate;
882 KKASSERT(state->iocom == iocom);
883 state->flags |= KDMSG_STATE_RBINSERTED |
884 KDMSG_STATE_SUBINSERTED |
885 KDMSG_STATE_OPPOSITE;
886 if (TAILQ_EMPTY(&pstate->subq))
887 kdmsg_state_hold(pstate);/* states on pstate->subq */
888 kdmsg_state_hold(state); /* state on pstate->subq */
889 kdmsg_state_hold(state); /* state on rbtree */
890 state->icmd = msg->any.head.cmd & DMSGF_BASECMDMASK;
891 state->rxcmd = msg->any.head.cmd & ~DMSGF_DELETE;
892 state->txcmd = DMSGF_REPLY;
893 state->msgid = msg->any.head.msgid;
894 state->flags &= ~KDMSG_STATE_NEW;
895 RB_INSERT(kdmsg_state_tree, &iocom->staterd_tree, state);
896 TAILQ_INSERT_TAIL(&pstate->subq, state, entry);
897 error = 0;
898 break;
899 case DMSGF_DELETE:
900 /*
901 * Persistent state is expected but might not exist if an
902 * ABORT+DELETE races the close.
903 */
904 if (state == &iocom->state0) {
905 if (msg->any.head.cmd & DMSGF_ABORT) {
906 kdio_printf(iocom, 1, "%s\n",
907 "msgrx: "
908 "state already A");
909 error = EALREADY;
910 } else {
911 kdio_printf(iocom, 1, "%s\n",
912 "msgrx: no state for DELETE");
913 error = EINVAL;
914 }
915 break;
916 }
917
918 /*
919 * Handle another ABORT+DELETE case if the msgid has already
920 * been reused.
921 */
922 if ((state->rxcmd & DMSGF_CREATE) == 0) {
923 if (msg->any.head.cmd & DMSGF_ABORT) {
924 kdio_printf(iocom, 1, "%s\n",
925 "msgrx: state already B");
926 error = EALREADY;
927 } else {
928 kdio_printf(iocom, 1, "%s\n",
929 "msgrx: state reused for DELETE");
930 error = EINVAL;
931 }
932 break;
933 }
934 error = 0;
935 break;
936 default:
937 /*
938 * Check for mid-stream ABORT command received, otherwise
939 * allow.
940 */
941 if (msg->any.head.cmd & DMSGF_ABORT) {
942 if (state == &iocom->state0 ||
943 (state->rxcmd & DMSGF_CREATE) == 0) {
944 error = EALREADY;
945 break;
946 }
947 }
948 error = 0;
949 break;
950 case DMSGF_REPLY | DMSGF_CREATE:
951 case DMSGF_REPLY | DMSGF_CREATE | DMSGF_DELETE:
952 /*
953 * When receiving a reply with CREATE set the original
954 * persistent state message should already exist.
955 */
956 if (state == &iocom->state0) {
957 kdio_printf(iocom, 1,
958 "msgrx: no state match for "
959 "REPLY cmd=%08x msgid=%016jx\n",
960 msg->any.head.cmd,
961 (intmax_t)msg->any.head.msgid);
962 error = EINVAL;
963 break;
964 }
965 state->rxcmd = msg->any.head.cmd & ~DMSGF_DELETE;
966 error = 0;
967 break;
968 case DMSGF_REPLY | DMSGF_DELETE:
969 /*
970 * Received REPLY+ABORT+DELETE in case where msgid has
971 * already been fully closed, ignore the message.
972 */
973 if (state == &iocom->state0) {
974 if (msg->any.head.cmd & DMSGF_ABORT) {
975 error = EALREADY;
976 } else {
977 kdio_printf(iocom, 1, "%s\n",
978 "msgrx: no state match "
979 "for REPLY|DELETE");
980 error = EINVAL;
981 }
982 break;
983 }
984
985 /*
986 * Received REPLY+ABORT+DELETE in case where msgid has
987 * already been reused for an unrelated message,
988 * ignore the message.
989 */
990 if ((state->rxcmd & DMSGF_CREATE) == 0) {
991 if (msg->any.head.cmd & DMSGF_ABORT) {
992 error = EALREADY;
993 } else {
994 kdio_printf(iocom, 1, "%s\n",
995 "msgrx: state reused "
996 "for REPLY|DELETE");
997 error = EINVAL;
998 }
999 break;
1000 }
1001 error = 0;
1002 break;
1003 case DMSGF_REPLY:
1004 /*
1005 * Check for mid-stream ABORT reply received to sent command.
1006 */
1007 if (msg->any.head.cmd & DMSGF_ABORT) {
1008 if (state == &iocom->state0 ||
1009 (state->rxcmd & DMSGF_CREATE) == 0) {
1010 error = EALREADY;
1011 break;
1012 }
1013 }
1014 error = 0;
1015 break;
1016 }
1017
1018 /*
1019 * Calculate the easy-switch() transactional command. Represents
1020 * the outer-transaction command for any transaction-create or
1021 * transaction-delete, and the inner message command for any
1022 * non-transaction or inside-transaction command. tcmd will be
1023 * set to 0 if the message state is illegal.
1024 *
1025 * The two can be told apart because outer-transaction commands
1026 * always have a DMSGF_CREATE and/or DMSGF_DELETE flag.
1027 */
1028 done:
1029 if (msg->any.head.cmd & (DMSGF_CREATE | DMSGF_DELETE)) {
1030 if (state != &iocom->state0) {
1031 msg->tcmd = (msg->state->icmd & DMSGF_BASECMDMASK) |
1032 (msg->any.head.cmd & (DMSGF_CREATE |
1033 DMSGF_DELETE |
1034 DMSGF_REPLY));
1035 } else {
1036 msg->tcmd = 0;
1037 }
1038 } else {
1039 msg->tcmd = msg->any.head.cmd & DMSGF_CMDSWMASK;
1040 }
1041
1042 /*
1043 * Adjust the state for DELETE handling now, before making the
1044 * callback so we are atomic with other state updates.
1045 *
1046 * Subq/parent linkages are cleaned up after the callback.
1047 * If an error occurred the message is ignored and state is not
1048 * updated.
1049 */
1050 if ((state = msg->state) == NULL || error != 0) {
1051 kdio_printf(iocom, 1,
1052 "msgrx: state=%p error %d\n",
1053 state, error);
1054 } else if (msg->any.head.cmd & DMSGF_DELETE) {
1055 KKASSERT((state->rxcmd & DMSGF_DELETE) == 0);
1056 state->rxcmd |= DMSGF_DELETE;
1057 if (state->txcmd & DMSGF_DELETE) {
1058 KKASSERT(state->flags & KDMSG_STATE_RBINSERTED);
1059 if (state->rxcmd & DMSGF_REPLY) {
1060 KKASSERT(msg->any.head.cmd &
1061 DMSGF_REPLY);
1062 RB_REMOVE(kdmsg_state_tree,
1063 &iocom->statewr_tree, state);
1064 } else {
1065 KKASSERT((msg->any.head.cmd &
1066 DMSGF_REPLY) == 0);
1067 RB_REMOVE(kdmsg_state_tree,
1068 &iocom->staterd_tree, state);
1069 }
1070 state->flags &= ~KDMSG_STATE_RBINSERTED;
1071 kdmsg_state_drop(state); /* state on rbtree */
1072 }
1073 }
1074 lockmgr(&iocom->msglk, LK_RELEASE);
1075
1076 return (error);
1077 }
1078
1079 /*
1080 * Called instead of iocom->rcvmsg() if any of the AUTO flags are set.
1081 * This routine must call iocom->rcvmsg() for anything not automatically
1082 * handled.
1083 */
1084 static int
1085 kdmsg_autorxmsg(kdmsg_msg_t *msg)
1086 {
1087 kdmsg_iocom_t *iocom = msg->state->iocom;
1088 kdmsg_msg_t *rep;
1089 int error = 0;
1090 uint32_t cmd;
1091
1092 /*
1093 * Main switch processes transaction create/delete sequences only.
1094 * Use icmd (DELETEs use DMSG_LNK_ERROR
1095 *
1096 * NOTE: If processing in-transaction messages you generally want
1097 * an inner switch on msg->any.head.cmd.
1098 */
1099 if (msg->state) {
1100 cmd = (msg->state->icmd & DMSGF_BASECMDMASK) |
1101 (msg->any.head.cmd & (DMSGF_CREATE |
1102 DMSGF_DELETE |
1103 DMSGF_REPLY));
1104 } else {
1105 cmd = 0;
1106 }
1107
1108 switch(cmd) {
1109 case DMSG_LNK_PING:
1110 /*
1111 * Received ping, send reply
1112 */
1113 rep = kdmsg_msg_alloc(msg->state, DMSG_LNK_PING | DMSGF_REPLY,
1114 NULL, NULL);
1115 kdmsg_msg_write(rep);
1116 break;
1117 case DMSG_LNK_PING | DMSGF_REPLY:
1118 /* ignore replies */
1119 break;
1120 case DMSG_LNK_CONN | DMSGF_CREATE:
1121 case DMSG_LNK_CONN | DMSGF_CREATE | DMSGF_DELETE:
1122 /*
1123 * Received LNK_CONN transaction. Transmit response and
1124 * leave transaction open, which allows the other end to
1125 * start to the SPAN protocol.
1126 *
1127 * Handle shim after acknowledging the CONN.
1128 */
1129 if ((msg->any.head.cmd & DMSGF_DELETE) == 0) {
1130 if (iocom->flags & KDMSG_IOCOMF_AUTOCONN) {
1131 kdmsg_msg_result(msg, 0);
1132 if (iocom->auto_callback)
1133 iocom->auto_callback(msg);
1134 } else {
1135 error = iocom->rcvmsg(msg);
1136 }
1137 break;
1138 }
1139 /* fall through */
1140 case DMSG_LNK_CONN | DMSGF_DELETE:
1141 /*
1142 * This message is usually simulated after a link is lost
1143 * to clean up the transaction.
1144 */
1145 if (iocom->flags & KDMSG_IOCOMF_AUTOCONN) {
1146 if (iocom->auto_callback)
1147 iocom->auto_callback(msg);
1148 kdmsg_msg_reply(msg, 0);
1149 } else {
1150 error = iocom->rcvmsg(msg);
1151 }
1152 break;
1153 case DMSG_LNK_SPAN | DMSGF_CREATE:
1154 case DMSG_LNK_SPAN | DMSGF_CREATE | DMSGF_DELETE:
1155 /*
1156 * Received LNK_SPAN transaction. We do not have to respond
1157 * (except on termination), but we must leave the transaction
1158 * open.
1159 *
1160 * Handle shim after acknowledging the SPAN.
1161 */
1162 if (iocom->flags & KDMSG_IOCOMF_AUTORXSPAN) {
1163 if ((msg->any.head.cmd & DMSGF_DELETE) == 0) {
1164 if (iocom->auto_callback)
1165 iocom->auto_callback(msg);
1166 break;
1167 }
1168 /* fall through */
1169 } else {
1170 error = iocom->rcvmsg(msg);
1171 break;
1172 }
1173 /* fall through */
1174 case DMSG_LNK_SPAN | DMSGF_DELETE:
1175 /*
1176 * Process shims (auto_callback) before cleaning up the
1177 * circuit structure and closing the transactions. Device
1178 * driver should ensure that the circuit is not used after
1179 * the auto_callback() returns.
1180 *
1181 * Handle shim before closing the SPAN transaction.
1182 */
1183 if (iocom->flags & KDMSG_IOCOMF_AUTORXSPAN) {
1184 if (iocom->auto_callback)
1185 iocom->auto_callback(msg);
1186 kdmsg_msg_reply(msg, 0);
1187 } else {
1188 error = iocom->rcvmsg(msg);
1189 }
1190 break;
1191 default:
1192 /*
1193 * Anything unhandled goes into rcvmsg.
1194 *
1195 * NOTE: Replies to link-level messages initiated by our side
1196 * are handled by the state callback, they are NOT
1197 * handled here.
1198 */
1199 error = iocom->rcvmsg(msg);
1200 break;
1201 }
1202 return (error);
1203 }
1204
1205 /*
1206 * Post-receive-handling message and state cleanup. This routine is called
1207 * after the state function handling/callback to properly dispose of the
1208 * message and unlink the state's parent/subq linkage if the state is
1209 * completely closed.
1210 *
1211 * msglk is not held.
1212 */
1213 static
1214 void
1215 kdmsg_state_cleanuprx(kdmsg_msg_t *msg)
1216 {
1217 kdmsg_state_t *state = msg->state;
1218 kdmsg_iocom_t *iocom = state->iocom;
1219
1220 lockmgr(&iocom->msglk, LK_EXCLUSIVE);
1221 if (state != &iocom->state0) {
1222 /*
1223 * When terminating a transaction (in either direction), all
1224 * sub-states are aborted.
1225 */
1226 if ((msg->any.head.cmd & DMSGF_DELETE) &&
1227 TAILQ_FIRST(&msg->state->subq)) {
1228 kdio_printf(iocom, 2,
1229 "simulate failure for substates of "
1230 "state %p cmd %08x/%08x\n",
1231 msg->state,
1232 msg->state->rxcmd,
1233 msg->state->txcmd);
1234 kdmsg_simulate_failure(msg->state,
1235 0, DMSG_ERR_LOSTLINK);
1236 }
1237
1238 /*
1239 * Once the state is fully closed we can (try to) remove it
1240 * from the subq topology.
1241 */
1242 if ((state->flags & KDMSG_STATE_SUBINSERTED) &&
1243 (state->rxcmd & DMSGF_DELETE) &&
1244 (state->txcmd & DMSGF_DELETE)) {
1245 /*
1246 * Remove parent linkage if state is completely closed.
1247 */
1248 kdmsg_subq_delete(state);
1249 }
1250 }
1251 kdmsg_msg_free(msg);
1252
1253 lockmgr(&iocom->msglk, LK_RELEASE);
1254 }
1255
1256 /*
1257 * Remove state from its parent's subq. This can wind up recursively
1258 * dropping the parent upward.
1259 *
1260 * NOTE: Once we drop the parent, our pstate pointer may become invalid.
1261 */
1262 static
1263 void
1264 kdmsg_subq_delete(kdmsg_state_t *state)
1265 {
1266 kdmsg_state_t *pstate;
1267
1268 if (state->flags & KDMSG_STATE_SUBINSERTED) {
1269 pstate = state->parent;
1270 KKASSERT(pstate);
1271 if (pstate->scan == state)
1272 pstate->scan = NULL;
1273 TAILQ_REMOVE(&pstate->subq, state, entry);
1274 state->flags &= ~KDMSG_STATE_SUBINSERTED;
1275 state->parent = NULL;
1276 if (TAILQ_EMPTY(&pstate->subq)) {
1277 kdmsg_state_drop(pstate);/* pstate->subq */
1278 }
1279 pstate = NULL; /* safety */
1280 kdmsg_state_drop(state); /* pstate->subq */
1281 } else {
1282 KKASSERT(state->parent == NULL);
1283 }
1284 }
1285
1286 /*
1287 * Simulate receiving a message which terminates an active transaction
1288 * state. Our simulated received message must set DELETE and may also
1289 * have to set CREATE. It must also ensure that all fields are set such
1290 * that the receive handling code can find the state (kdmsg_state_msgrx())
1291 * or an endless loop will ensue.
1292 *
1293 * This is used when the other end of the link is dead so the device driver
1294 * gets a completed transaction for all pending states.
1295 *
1296 * Called with iocom locked.
1297 */
1298 static
1299 void
1300 kdmsg_simulate_failure(kdmsg_state_t *state, int meto, int error)
1301 {
1302 kdmsg_state_t *substate;
1303
1304 kdmsg_state_hold(state); /* aborting */
1305
1306 /*
1307 * Abort parent state first. Parent will not actually disappear
1308 * until children are gone. Device drivers must handle the situation.
1309 * The advantage of this is that device drivers can flag the situation
1310 * as an interlock against new operations on dying states. And since
1311 * device operations are often asynchronous anyway, this sequence of
1312 * events works out better.
1313 */
1314 if (meto)
1315 kdmsg_state_abort(state);
1316
1317 /*
1318 * Recurse through any children.
1319 */
1320 again:
1321 TAILQ_FOREACH(substate, &state->subq, entry) {
1322 if (substate->flags & KDMSG_STATE_ABORTING)
1323 continue;
1324 state->scan = substate;
1325 kdmsg_simulate_failure(substate, 1, error);
1326 if (state->scan != substate)
1327 goto again;
1328 }
1329 kdmsg_state_drop(state); /* aborting */
1330 }
1331
1332 static
1333 void
1334 kdmsg_state_abort(kdmsg_state_t *state)
1335 {
1336 kdmsg_msg_t *msg;
1337
1338 /*
1339 * Set ABORTING and DYING, return if already set. If the state was
1340 * just allocated we defer the abort operation until the related
1341 * message is processed.
1342 */
1343 KKASSERT((state->flags & KDMSG_STATE_ABORTING) == 0);
1344 if (state->flags & KDMSG_STATE_ABORTING)
1345 return;
1346 state->flags |= KDMSG_STATE_ABORTING;
1347 kdmsg_state_dying(state);
1348 if (state->flags & KDMSG_STATE_NEW) {
1349 kdio_printf(iocom, 5,
1350 "kdmsg_state_abort(0): state %p rxcmd %08x "
1351 "txcmd %08x flags %08x - in NEW state\n",
1352 state, state->rxcmd,
1353 state->txcmd, state->flags);
1354 return;
1355 }
1356
1357 /*
1358 * NOTE: The DELETE flag might already be set due to an early
1359 * termination.
1360 *
1361 * NOTE: Args to kdmsg_msg_alloc() to avoid dynamic state allocation.
1362 *
1363 * NOTE: We are simulating a received message using our state
1364 * (vs a message generated by the other side using its state),
1365 * so we must invert DMSGF_REVTRANS and DMSGF_REVCIRC.
1366 */
1367 kdio_printf(iocom, 5,
1368 "kdmsg_state_abort(1): state %p rxcmd %08x txcmd %08x\n",
1369 state, state->rxcmd, state->txcmd);
1370 if ((state->rxcmd & DMSGF_DELETE) == 0) {
1371 msg = kdmsg_msg_alloc(state, DMSG_LNK_ERROR, NULL, NULL);
1372 if ((state->rxcmd & DMSGF_CREATE) == 0)
1373 msg->any.head.cmd |= DMSGF_CREATE;
1374 msg->any.head.cmd |= DMSGF_DELETE |
1375 (state->rxcmd & DMSGF_REPLY);
1376 msg->any.head.cmd ^= (DMSGF_REVTRANS | DMSGF_REVCIRC);
1377 msg->any.head.error = DMSG_ERR_LOSTLINK;
1378 kdio_printf(iocom, 5,
1379 "kdmsg_state_abort(a): state %p msgcmd %08x\n",
1380 state, msg->any.head.cmd);
1381 /* circuit not initialized */
1382 lockmgr(&state->iocom->msglk, LK_RELEASE);
1383 kdmsg_msg_receive_handling(msg);
1384 lockmgr(&state->iocom->msglk, LK_EXCLUSIVE);
1385 msg = NULL;
1386 }
1387 kdio_printf(iocom, 5,
1388 "kdmsg_state_abort(2): state %p rxcmd %08x txcmd %08x\n",
1389 state, state->rxcmd, state->txcmd);
1390 }
1391
1392 /*
1393 * Recursively sets KDMSG_STATE_DYING on state and all sub-states, preventing
1394 * the transmission of any new messages on these states. This is done
1395 * atomically when parent state is terminating, whereas setting ABORTING is
1396 * not atomic and can leak races.
1397 */
1398 static
1399 void
1400 kdmsg_state_dying(kdmsg_state_t *state)
1401 {
1402 kdmsg_state_t *scan;
1403
1404 if ((state->flags & KDMSG_STATE_DYING) == 0) {
1405 state->flags |= KDMSG_STATE_DYING;
1406 TAILQ_FOREACH(scan, &state->subq, entry)
1407 kdmsg_state_dying(scan);
1408 }
1409 }
1410
1411 /*
1412 * Process state tracking for a message prior to transmission.
1413 *
1414 * Called with msglk held and the msg dequeued. Returns non-zero if
1415 * the message is bad and should be deleted by the caller.
1416 *
1417 * One-off messages are usually with dummy state and msg->state may be NULL
1418 * in this situation.
1419 *
1420 * New transactions (when CREATE is set) will insert the state.
1421 *
1422 * May request that caller discard the message by setting *discardp to 1.
1423 * A NULL state may be returned in this case.
1424 */
1425 static
1426 int
1427 kdmsg_state_msgtx(kdmsg_msg_t *msg)
1428 {
1429 kdmsg_iocom_t *iocom = msg->state->iocom;
1430 kdmsg_state_t *state;
1431 int error;
1432
1433 /*
1434 * Make sure a state structure is ready to go in case we need a new
1435 * one. This is the only routine which uses freewr_state so no
1436 * races are possible.
1437 */
1438 if ((state = iocom->freewr_state) == NULL) {
1439 state = kmalloc(sizeof(*state), iocom->mmsg, M_WAITOK | M_ZERO);
1440 state->flags = KDMSG_STATE_DYNAMIC;
1441 state->iocom = iocom;
1442 state->refs = 1;
1443 TAILQ_INIT(&state->subq);
1444 iocom->freewr_state = state;
1445 }
1446
1447 /*
1448 * Lock RB tree. If persistent state is present it will have already
1449 * been assigned to msg.
1450 */
1451 state = msg->state;
1452
1453 /*
1454 * Short-cut one-off or mid-stream messages (state may be NULL).
1455 */
1456 if ((msg->any.head.cmd & (DMSGF_CREATE | DMSGF_DELETE |
1457 DMSGF_ABORT)) == 0) {
1458 return(0);
1459 }
1460
1461
1462 /*
1463 * Switch on CREATE, DELETE, REPLY, and also handle ABORT from
1464 * inside the case statements.
1465 */
1466 switch(msg->any.head.cmd & (DMSGF_CREATE | DMSGF_DELETE |
1467 DMSGF_REPLY)) {
1468 case DMSGF_CREATE:
1469 case DMSGF_CREATE | DMSGF_DELETE:
1470 /*
1471 * Insert the new persistent message state and mark
1472 * half-closed if DELETE is set. Since this is a new
1473 * message it isn't possible to transition into the fully
1474 * closed state here.
1475 *
1476 * XXX state must be assigned and inserted by
1477 * kdmsg_msg_write(). txcmd is assigned by us
1478 * on-transmit.
1479 */
1480 KKASSERT(state != NULL);
1481 state->icmd = msg->any.head.cmd & DMSGF_BASECMDMASK;
1482 state->txcmd = msg->any.head.cmd & ~DMSGF_DELETE;
1483 state->rxcmd = DMSGF_REPLY;
1484 state->flags &= ~KDMSG_STATE_NEW;
1485 error = 0;
1486 break;
1487 case DMSGF_DELETE:
1488 /*
1489 * Sent ABORT+DELETE in case where msgid has already
1490 * been fully closed, ignore the message.
1491 */
1492 if (state == &iocom->state0) {
1493 if (msg->any.head.cmd & DMSGF_ABORT) {
1494 error = EALREADY;
1495 } else {
1496 kdio_printf(iocom, 1,
1497 "msgtx: no state match "
1498 "for DELETE cmd=%08x msgid=%016jx\n",
1499 msg->any.head.cmd,
1500 (intmax_t)msg->any.head.msgid);
1501 error = EINVAL;
1502 }
1503 break;
1504 }
1505
1506 /*
1507 * Sent ABORT+DELETE in case where msgid has
1508 * already been reused for an unrelated message,
1509 * ignore the message.
1510 */
1511 if ((state->txcmd & DMSGF_CREATE) == 0) {
1512 if (msg->any.head.cmd & DMSGF_ABORT) {
1513 error = EALREADY;
1514 } else {
1515 kdio_printf(iocom, 1, "%s\n",
1516 "msgtx: state reused "
1517 "for DELETE");
1518 error = EINVAL;
1519 }
1520 break;
1521 }
1522 error = 0;
1523 break;
1524 default:
1525 /*
1526 * Check for mid-stream ABORT command sent
1527 */
1528 if (msg->any.head.cmd & DMSGF_ABORT) {
1529 if (state == &state->iocom->state0 ||
1530 (state->txcmd & DMSGF_CREATE) == 0) {
1531 error = EALREADY;
1532 break;
1533 }
1534 }
1535 error = 0;
1536 break;
1537 case DMSGF_REPLY | DMSGF_CREATE:
1538 case DMSGF_REPLY | DMSGF_CREATE | DMSGF_DELETE:
1539 /*
1540 * When transmitting a reply with CREATE set the original
1541 * persistent state message should already exist.
1542 */
1543 if (state == &state->iocom->state0) {
1544 kdio_printf(iocom, 1, "%s\n",
1545 "msgtx: no state match "
1546 "for REPLY | CREATE");
1547 error = EINVAL;
1548 break;
1549 }
1550 state->txcmd = msg->any.head.cmd & ~DMSGF_DELETE;
1551 error = 0;
1552 break;
1553 case DMSGF_REPLY | DMSGF_DELETE:
1554 /*
1555 * When transmitting a reply with DELETE set the original
1556 * persistent state message should already exist.
1557 *
1558 * This is very similar to the REPLY|CREATE|* case except
1559 * txcmd is already stored, so we just add the DELETE flag.
1560 *
1561 * Sent REPLY+ABORT+DELETE in case where msgid has
1562 * already been fully closed, ignore the message.
1563 */
1564 if (state == &state->iocom->state0) {
1565 if (msg->any.head.cmd & DMSGF_ABORT) {
1566 error = EALREADY;
1567 } else {
1568 kdio_printf(iocom, 1, "%s\n",
1569 "msgtx: no state match "
1570 "for REPLY | DELETE");
1571 error = EINVAL;
1572 }
1573 break;
1574 }
1575
1576 /*
1577 * Sent REPLY+ABORT+DELETE in case where msgid has already
1578 * been reused for an unrelated message, ignore the message.
1579 */
1580 if ((state->txcmd & DMSGF_CREATE) == 0) {
1581 if (msg->any.head.cmd & DMSGF_ABORT) {
1582 error = EALREADY;
1583 } else {
1584 kdio_printf(iocom, 1, "%s\n",
1585 "msgtx: state reused "
1586 "for REPLY | DELETE");
1587 error = EINVAL;
1588 }
1589 break;
1590 }
1591 error = 0;
1592 break;
1593 case DMSGF_REPLY:
1594 /*
1595 * Check for mid-stream ABORT reply sent.
1596 *
1597 * One-off REPLY messages are allowed for e.g. status updates.
1598 */
1599 if (msg->any.head.cmd & DMSGF_ABORT) {
1600 if (state == &state->iocom->state0 ||
1601 (state->txcmd & DMSGF_CREATE) == 0) {
1602 error = EALREADY;
1603 break;
1604 }
1605 }
1606 error = 0;
1607 break;
1608 }
1609
1610 /*
1611 * Set interlock (XXX hack) in case the send side blocks and a
1612 * response is returned before kdmsg_state_cleanuptx() can be
1613 * run.
1614 */
1615 if (state && error == 0)
1616 state->flags |= KDMSG_STATE_INTERLOCK;
1617
1618 return (error);
1619 }
1620
1621 /*
1622 * Called with iocom locked.
1623 */
1624 static
1625 void
1626 kdmsg_state_cleanuptx(kdmsg_msg_t *msg)
1627 {
1628 kdmsg_iocom_t *iocom = msg->state->iocom;
1629 kdmsg_state_t *state;
1630
1631 if ((state = msg->state) == NULL) {
1632 kdmsg_msg_free(msg);
1633 return;
1634 }
1635
1636 /*
1637 * Clear interlock (XXX hack) in case the send side blocks and a
1638 * response is returned in the other thread before
1639 * kdmsg_state_cleanuptx() can be run. We maintain our hold on
1640 * iocom->msglk so we can do this before completing our task.
1641 */
1642 if (state->flags & KDMSG_STATE_SIGNAL) {
1643 kdio_printf(iocom, 1, "state %p interlock!\n", state);
1644 wakeup(state);
1645 }
1646 state->flags &= ~(KDMSG_STATE_INTERLOCK | KDMSG_STATE_SIGNAL);
1647 kdmsg_state_hold(state);
1648
1649 if (msg->any.head.cmd & DMSGF_DELETE) {
1650 KKASSERT((state->txcmd & DMSGF_DELETE) == 0);
1651 state->txcmd |= DMSGF_DELETE;
1652 if (state->rxcmd & DMSGF_DELETE) {
1653 KKASSERT(state->flags & KDMSG_STATE_RBINSERTED);
1654 if (state->txcmd & DMSGF_REPLY) {
1655 KKASSERT(msg->any.head.cmd &
1656 DMSGF_REPLY);
1657 RB_REMOVE(kdmsg_state_tree,
1658 &iocom->staterd_tree, state);
1659 } else {
1660 KKASSERT((msg->any.head.cmd &
1661 DMSGF_REPLY) == 0);
1662 RB_REMOVE(kdmsg_state_tree,
1663 &iocom->statewr_tree, state);
1664 }
1665 state->flags &= ~KDMSG_STATE_RBINSERTED;
1666
1667 /*
1668 * The subq recursion is used for parent linking and
1669 * scanning the topology for aborts, we can only
1670 * remove leafs. The circuit is effectively dead now,
1671 * but topology won't be torn down until all of its
1672 * children have finished/aborted.
1673 *
1674 * This is particularly important for end-point
1675 * devices which might need to access private data
1676 * in parent states. Out of order disconnects can
1677 * occur if an end-point device is processing a
1678 * message transaction asynchronously because abort
1679 * requests are basically synchronous and it probably
1680 * isn't convenient (or possible) for the end-point
1681 * to abort an asynchronous operation.
1682 */
1683 if (TAILQ_EMPTY(&state->subq))
1684 kdmsg_subq_delete(state);
1685 kdmsg_msg_free(msg);
1686 kdmsg_state_drop(state); /* state on rbtree */
1687 } else {
1688 kdmsg_msg_free(msg);
1689 }
1690 } else {
1691 kdmsg_msg_free(msg);
1692 }
1693
1694 /*
1695 * Deferred abort after transmission.
1696 */
1697 if ((state->flags & (KDMSG_STATE_ABORTING | KDMSG_STATE_DYING)) &&
1698 (state->rxcmd & DMSGF_DELETE) == 0) {
1699 kdio_printf(iocom, 5,
1700 "kdmsg_state_cleanuptx: state=%p "
1701 "executing deferred abort\n",
1702 state);
1703 state->flags &= ~KDMSG_STATE_ABORTING;
1704 kdmsg_state_abort(state);
1705 }
1706 kdmsg_state_drop(state);
1707 }
1708
1709 static
1710 void
1711 _kdmsg_state_hold(kdmsg_state_t *state KDMSG_DEBUG_ARGS)
1712 {
1713 atomic_add_int(&state->refs, 1);
1714 #if KDMSG_DEBUG
1715 kd_printf(4, "state %p +%d\t%s:%d\n", state, state->refs, file, line);
1716 #endif
1717 }
1718
1719 static
1720 void
1721 _kdmsg_state_drop(kdmsg_state_t *state KDMSG_DEBUG_ARGS)
1722 {
1723 KKASSERT(state->refs > 0);
1724 #if KDMSG_DEBUG
1725 kd_printf(4, "state %p -%d\t%s:%d\n", state, state->refs, file, line);
1726 #endif
1727 if (atomic_fetchadd_int(&state->refs, -1) == 1)
1728 kdmsg_state_free(state);
1729 }
1730
1731 static
1732 void
1733 kdmsg_state_free(kdmsg_state_t *state)
1734 {
1735 kdmsg_iocom_t *iocom = state->iocom;
1736
1737 KKASSERT((state->flags & KDMSG_STATE_RBINSERTED) == 0);
1738 KKASSERT((state->flags & KDMSG_STATE_SUBINSERTED) == 0);
1739 KKASSERT(TAILQ_EMPTY(&state->subq));
1740
1741 if (state != &state->iocom->state0)
1742 kfree(state, iocom->mmsg);
1743 }
1744
1745 kdmsg_msg_t *
1746 kdmsg_msg_alloc(kdmsg_state_t *state, uint32_t cmd,
1747 int (*func)(kdmsg_state_t *, kdmsg_msg_t *), void *data)
1748 {
1749 kdmsg_iocom_t *iocom = state->iocom;
1750 kdmsg_state_t *pstate;
1751 kdmsg_msg_t *msg;
1752 size_t hbytes;
1753
1754 KKASSERT(iocom != NULL);
1755 hbytes = (cmd & DMSGF_SIZE) * DMSG_ALIGN;
1756 msg = kmalloc(offsetof(struct kdmsg_msg, any) + hbytes,
1757 iocom->mmsg, M_WAITOK | M_ZERO);
1758 msg->hdr_size = hbytes;
1759
1760 if ((cmd & (DMSGF_CREATE | DMSGF_REPLY)) == DMSGF_CREATE) {
1761 /*
1762 * New transaction, requires tracking state and a unique
1763 * msgid to be allocated.
1764 *
1765 * It is possible to race a circuit failure, inherit the
1766 * parent's STATE_DYING flag to trigger an abort sequence
1767 * in the transmit path. By not inheriting ABORTING the
1768 * abort sequence can recurse.
1769 *
1770 * NOTE: The transactions has not yet been initiated so we
1771 * cannot set DMSGF_CREATE/DELETE bits in txcmd or rxcmd.
1772 * We have to properly setup DMSGF_REPLY, however.
1773 */
1774 pstate = state;
1775 state = kmalloc(sizeof(*state), iocom->mmsg, M_WAITOK | M_ZERO);
1776 TAILQ_INIT(&state->subq);
1777 state->iocom = iocom;
1778 state->parent = pstate;
1779 state->flags = KDMSG_STATE_DYNAMIC |
1780 KDMSG_STATE_NEW;
1781 state->func = func;
1782 state->any.any = data;
1783 state->msgid = (uint64_t)(uintptr_t)state;
1784 /*msg->any.head.msgid = state->msgid;XXX*/
1785
1786 lockmgr(&iocom->msglk, LK_EXCLUSIVE);
1787 if (RB_INSERT(kdmsg_state_tree, &iocom->statewr_tree, state))
1788 panic("duplicate msgid allocated");
1789 if (TAILQ_EMPTY(&pstate->subq))
1790 kdmsg_state_hold(pstate);/* pstate->subq */
1791 TAILQ_INSERT_TAIL(&pstate->subq, state, entry);
1792 state->flags |= KDMSG_STATE_RBINSERTED |
1793 KDMSG_STATE_SUBINSERTED;
1794 state->flags |= pstate->flags & KDMSG_STATE_DYING;
1795 kdmsg_state_hold(state); /* pstate->subq */
1796 kdmsg_state_hold(state); /* state on rbtree */
1797 kdmsg_state_hold(state); /* msg->state */
1798 lockmgr(&iocom->msglk, LK_RELEASE);
1799 } else {
1800 pstate = state->parent;
1801 KKASSERT(pstate != NULL);
1802 kdmsg_state_hold(state); /* msg->state */
1803 }
1804
1805 if (state->flags & KDMSG_STATE_OPPOSITE)
1806 cmd |= DMSGF_REVTRANS;
1807 if (pstate->flags & KDMSG_STATE_OPPOSITE)
1808 cmd |= DMSGF_REVCIRC;
1809
1810 msg->any.head.magic = DMSG_HDR_MAGIC;
1811 msg->any.head.cmd = cmd;
1812 msg->any.head.msgid = state->msgid;
1813 msg->any.head.circuit = pstate->msgid;
1814 msg->state = state;
1815
1816 return (msg);
1817 }
1818
1819 void
1820 kdmsg_msg_free(kdmsg_msg_t *msg)
1821 {
1822 kdmsg_iocom_t *iocom = msg->state->iocom;
1823 kdmsg_state_t *state;
1824
1825 if ((msg->flags & KDMSG_FLAG_AUXALLOC) &&
1826 msg->aux_data && msg->aux_size) {
1827 kfree(msg->aux_data, iocom->mmsg);
1828 msg->flags &= ~KDMSG_FLAG_AUXALLOC;
1829 }
1830 if ((state = msg->state) != NULL) {
1831 msg->state = NULL;
1832 kdmsg_state_drop(state); /* msg->state */
1833 }
1834 msg->aux_data = NULL;
1835 msg->aux_size = 0;
1836
1837 kfree(msg, iocom->mmsg);
1838 }
1839
1840 void
1841 kdmsg_detach_aux_data(kdmsg_msg_t *msg, kdmsg_data_t *data)
1842 {
1843 if (msg->flags & KDMSG_FLAG_AUXALLOC) {
1844 data->aux_data = msg->aux_data;
1845 data->aux_size = msg->aux_size;
1846 data->iocom = msg->state->iocom;
1847 msg->flags &= ~KDMSG_FLAG_AUXALLOC;
1848 } else {
1849 data->aux_data = NULL;
1850 data->aux_size = 0;
1851 data->iocom = msg->state->iocom;
1852 }
1853 }
1854
1855 void
1856 kdmsg_free_aux_data(kdmsg_data_t *data)
1857 {
1858 if (data->aux_data)
1859 kfree(data->aux_data, data->iocom->mmsg);
1860 }
1861
1862 /*
1863 * Indexed messages are stored in a red-black tree indexed by their
1864 * msgid. Only persistent messages are indexed.
1865 */
1866 int
1867 kdmsg_state_cmp(kdmsg_state_t *state1, kdmsg_state_t *state2)
1868 {
1869 if (state1->iocom < state2->iocom)
1870 return(-1);
1871 if (state1->iocom > state2->iocom)
1872 return(1);
1873 if (state1->msgid < state2->msgid)
1874 return(-1);
1875 if (state1->msgid > state2->msgid)
1876 return(1);
1877 return(0);
1878 }
1879
1880 /*
1881 * Write a message. All requisit command flags have been set.
1882 *
1883 * If msg->state is non-NULL the message is written to the existing
1884 * transaction. msgid will be set accordingly.
1885 *
1886 * If msg->state is NULL and CREATE is set new state is allocated and
1887 * (func, data) is installed. A msgid is assigned.
1888 *
1889 * If msg->state is NULL and CREATE is not set the message is assumed
1890 * to be a one-way message. The originator must assign the msgid
1891 * (or leave it 0, which is typical.
1892 *
1893 * This function merely queues the message to the management thread, it
1894 * does not write to the message socket/pipe.
1895 */
1896 void
1897 kdmsg_msg_write(kdmsg_msg_t *msg)
1898 {
1899 kdmsg_iocom_t *iocom = msg->state->iocom;
1900
1901 lockmgr(&iocom->msglk, LK_EXCLUSIVE);
1902 kdmsg_msg_write_locked(iocom, msg);
1903 lockmgr(&iocom->msglk, LK_RELEASE);
1904 }
1905
1906 static void
1907 kdmsg_msg_write_locked(kdmsg_iocom_t *iocom, kdmsg_msg_t *msg)
1908 {
1909 kdmsg_state_t *state;
1910
1911 if (msg->state) {
1912 /*
1913 * Continuance or termination of existing transaction.
1914 * The transaction could have been initiated by either end.
1915 *
1916 * (Function callback and aux data for the receive side can
1917 * be replaced or left alone).
1918 */
1919 state = msg->state;
1920 msg->any.head.msgid = state->msgid;
1921 } else {
1922 /*
1923 * One-off message (always uses msgid 0 to distinguish
1924 * between a possibly lost in-transaction message due to
1925 * competing aborts and a real one-off message?)
1926 */
1927 state = NULL;
1928 msg->any.head.msgid = 0;
1929 }
1930
1931 #if 0
1932 /*
1933 * XXX removed - don't make this a panic, allow the state checks
1934 * below to catch the situation.
1935 *
1936 * This flag is not set until after the tx thread has drained
1937 * the tx msgq and simulated responses. After that point the
1938 * txthread is dead and can no longer simulate responses.
1939 *
1940 * Device drivers should never try to send a message once this
1941 * flag is set. They should have detected (through the state
1942 * closures) that the link is in trouble.
1943 */
1944 if (iocom->flags & KDMSG_IOCOMF_EXITNOACC) {
1945 lockmgr(&iocom->msglk, LK_RELEASE);
1946 panic("kdmsg_msg_write: Attempt to write message to "
1947 "terminated iocom\n");
1948 }
1949 #endif
1950
1951 /*
1952 * For stateful messages, if the circuit is dead or dying we have
1953 * to abort the potentially newly-created state and discard the
1954 * message.
1955 *
1956 * - We must discard the message because the other end will not
1957 * be expecting any more messages over the dead or dying circuit
1958 * and might not be able to receive them.
1959 *
1960 * - We abort the state by simulating a failure to generate a fake
1961 * incoming DELETE. This will trigger the state callback and allow
1962 * the device to clean things up and reply, closing the outgoing
1963 * direction and allowing the state to be freed.
1964 *
1965 * This situation occurs quite often, particularly as SPANs stabilize.
1966 * End-points must do the right thing.
1967 */
1968 if (state) {
1969 KKASSERT((state->txcmd & DMSGF_DELETE) == 0);
1970 if (state->flags & KDMSG_STATE_DYING) {
1971 #if 0
1972 if ((state->flags & KDMSG_STATE_DYING) ||
1973 (state->parent->txcmd & DMSGF_DELETE) ||
1974 (state->parent->flags & KDMSG_STATE_DYING)) {
1975 #endif
1976 kdio_printf(iocom, 4,
1977 "kdmsg_msg_write: Write to dying circuit "
1978 "state=%p "
1979 "ptxcmd=%08x prxcmd=%08x flags=%08x\n",
1980 state,
1981 state->parent->rxcmd,
1982 state->parent->txcmd,
1983 state->parent->flags);
1984 kdmsg_state_hold(state);
1985 kdmsg_state_msgtx(msg);
1986 kdmsg_state_cleanuptx(msg);
1987 kdmsg_state_drop(state);
1988 return;
1989 }
1990 }
1991
1992 /*
1993 * Finish up the msg fields. Note that msg->aux_size and the
1994 * aux_bytes stored in the message header represent the unaligned
1995 * (actual) bytes of data, but the buffer is sized to an aligned
1996 * size and the CRC is generated over the aligned length.
1997 */
1998 msg->any.head.salt = /* (random << 8) | */ (iocom->msg_seq & 255);
1999 ++iocom->msg_seq;
2000
2001 if (msg->aux_data && msg->aux_size) {
2002 uint32_t abytes = DMSG_DOALIGN(msg->aux_size);
2003
2004 msg->any.head.aux_bytes = msg->aux_size;
2005 msg->any.head.aux_crc = iscsi_crc32(msg->aux_data, abytes);
2006 }
2007 msg->any.head.hdr_crc = 0;
2008 msg->any.head.hdr_crc = iscsi_crc32(msg->any.buf, msg->hdr_size);
2009
2010 TAILQ_INSERT_TAIL(&iocom->msgq, msg, qentry);
2011
2012 if (iocom->msg_ctl & KDMSG_CLUSTERCTL_SLEEPING) {
2013 atomic_clear_int(&iocom->msg_ctl,
2014 KDMSG_CLUSTERCTL_SLEEPING);
2015 wakeup(&iocom->msg_ctl);
2016 }
2017 }
2018
2019 /*
2020 * Reply to a message and terminate our side of the transaction.
2021 *
2022 * If msg->state is non-NULL we are replying to a one-way message.
2023 */
2024 void
2025 kdmsg_msg_reply(kdmsg_msg_t *msg, uint32_t error)
2026 {
2027 kdmsg_state_t *state = msg->state;
2028 kdmsg_msg_t *nmsg;
2029 uint32_t cmd;
2030
2031 /*
2032 * Reply with a simple error code and terminate the transaction.
2033 */
2034 cmd = DMSG_LNK_ERROR;
2035
2036 /*
2037 * Check if our direction has even been initiated yet, set CREATE.
2038 *
2039 * Check what direction this is (command or reply direction). Note
2040 * that txcmd might not have been initiated yet.
2041 *
2042 * If our direction has already been closed we just return without
2043 * doing anything.
2044 */
2045 if (state != &state->iocom->state0) {
2046 if (state->txcmd & DMSGF_DELETE)
2047 return;
2048 if ((state->txcmd & DMSGF_CREATE) == 0)
2049 cmd |= DMSGF_CREATE;
2050 if (state->txcmd & DMSGF_REPLY)
2051 cmd |= DMSGF_REPLY;
2052 cmd |= DMSGF_DELETE;
2053 } else {
2054 if ((msg->any.head.cmd & DMSGF_REPLY) == 0)
2055 cmd |= DMSGF_REPLY;
2056 }
2057
2058 nmsg = kdmsg_msg_alloc(state, cmd, NULL, NULL);
2059 nmsg->any.head.error = error;
2060 kdmsg_msg_write(nmsg);
2061 }
2062
2063 /*
2064 * Reply to a message and continue our side of the transaction.
2065 *
2066 * If msg->state is non-NULL we are replying to a one-way message and this
2067 * function degenerates into the same as kdmsg_msg_reply().
2068 */
2069 void
2070 kdmsg_msg_result(kdmsg_msg_t *msg, uint32_t error)
2071 {
2072 kdmsg_state_t *state = msg->state;
2073 kdmsg_msg_t *nmsg;
2074 uint32_t cmd;
2075
2076 /*
2077 * Return a simple result code, do NOT terminate the transaction.
2078 */
2079 cmd = DMSG_LNK_ERROR;
2080
2081 /*
2082 * Check if our direction has even been initiated yet, set CREATE.
2083 *
2084 * Check what direction this is (command or reply direction). Note
2085 * that txcmd might not have been initiated yet.
2086 *
2087 * If our direction has already been closed we just return without
2088 * doing anything.
2089 */
2090 if (state != &state->iocom->state0) {
2091 if (state->txcmd & DMSGF_DELETE)
2092 return;
2093 if ((state->txcmd & DMSGF_CREATE) == 0)
2094 cmd |= DMSGF_CREATE;
2095 if (state->txcmd & DMSGF_REPLY)
2096 cmd |= DMSGF_REPLY;
2097 /* continuing transaction, do not set MSGF_DELETE */
2098 } else {
2099 if ((msg->any.head.cmd & DMSGF_REPLY) == 0)
2100 cmd |= DMSGF_REPLY;
2101 }
2102
2103 nmsg = kdmsg_msg_alloc(state, cmd, NULL, NULL);
2104 nmsg->any.head.error = error;
2105 kdmsg_msg_write(nmsg);
2106 }
2107
2108 /*
2109 * Reply to a message and terminate our side of the transaction.
2110 *
2111 * If msg->state is non-NULL we are replying to a one-way message.
2112 */
2113 void
2114 kdmsg_state_reply(kdmsg_state_t *state, uint32_t error)
2115 {
2116 kdmsg_msg_t *nmsg;
2117 uint32_t cmd;
2118
2119 /*
2120 * Reply with a simple error code and terminate the transaction.
2121 */
2122 cmd = DMSG_LNK_ERROR;
2123
2124 /*
2125 * Check if our direction has even been initiated yet, set CREATE.
2126 *
2127 * Check what direction this is (command or reply direction). Note
2128 * that txcmd might not have been initiated yet.
2129 *
2130 * If our direction has already been closed we just return without
2131 * doing anything.
2132 */
2133 KKASSERT(state);
2134 if (state->txcmd & DMSGF_DELETE)
2135 return;
2136 if ((state->txcmd & DMSGF_CREATE) == 0)
2137 cmd |= DMSGF_CREATE;
2138 if (state->txcmd & DMSGF_REPLY)
2139 cmd |= DMSGF_REPLY;
2140 cmd |= DMSGF_DELETE;
2141
2142 nmsg = kdmsg_msg_alloc(state, cmd, NULL, NULL);
2143 nmsg->any.head.error = error;
2144 kdmsg_msg_write(nmsg);
2145 }
2146
2147 /*
2148 * Reply to a message and continue our side of the transaction.
2149 *
2150 * If msg->state is non-NULL we are replying to a one-way message and this
2151 * function degenerates into the same as kdmsg_msg_reply().
2152 */
2153 void
2154 kdmsg_state_result(kdmsg_state_t *state, uint32_t error)
2155 {
2156 kdmsg_msg_t *nmsg;
2157 uint32_t cmd;
2158
2159 /*
2160 * Return a simple result code, do NOT terminate the transaction.
2161 */
2162 cmd = DMSG_LNK_ERROR;
2163
2164 /*
2165 * Check if our direction has even been initiated yet, set CREATE.
2166 *
2167 * Check what direction this is (command or reply direction). Note
2168 * that txcmd might not have been initiated yet.
2169 *
2170 * If our direction has already been closed we just return without
2171 * doing anything.
2172 */
2173 KKASSERT(state);
2174 if (state->txcmd & DMSGF_DELETE)
2175 return;
2176 if ((state->txcmd & DMSGF_CREATE) == 0)
2177 cmd |= DMSGF_CREATE;
2178 if (state->txcmd & DMSGF_REPLY)
2179 cmd |= DMSGF_REPLY;
2180 /* continuing transaction, do not set MSGF_DELETE */
2181
2182 nmsg = kdmsg_msg_alloc(state, cmd, NULL, NULL);
2183 nmsg->any.head.error = error;
2184 kdmsg_msg_write(nmsg);
2185 }
DragonFly BSD